Viruses! Urgent!


offline
  • Joined: 16 Jan 2009
  • Posts: 23

Posted: 26 Apr 2009 11:34

I have uploaded the file...

Update: 26 Apr 2009 11:51

ComboFix 09-04-25.03 - Admin 26.04.2009 11:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.687 [GMT 2:00]
Running from: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Admin.PC-0EC8CDAADA00\iclose.exe
c:\documents and settings\Admin.PC-0EC8CDAADA00\mscup2.exe
c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
c:\documents and settings\All Users.WINDOWS\Application Data\01381593
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\pc01381593cnf
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\pc01381593ins
c:\documents and settings\All Users.WINDOWS\Application Data\01662234

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 09:25 . 2009-04-26 09:25 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-04-26 09:25 . 2009-04-26 09:25 298104 ----a-w c:\windows\system32\imon.dll
2009-04-26 09:25 . 2009-04-26 09:25 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-04-25 09:32 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-25 09:00 . 2009-04-25 09:00 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Malwarebytes
2009-04-25 09:00 . 2009-04-25 09:00 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-24 19:48 . 2009-04-24 19:48 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Lavasoft
2009-04-23 12:08 . 2009-04-24 19:38 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-22 18:54 . 2009-04-22 18:54 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\2036B
2009-04-22 18:41 . 2009-04-22 18:41 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\182AF
2009-04-22 06:49 . 2009-04-22 06:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\3A242
2009-04-13 15:16 . 2009-04-13 15:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\369C
2009-04-10 13:02 . 2009-04-10 13:03 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 10:37 . 2009-04-08 10:37 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-07 20:06 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-07 20:06 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-24 18:22 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\skypePM
2009-04-04 12:47 . 2009-04-04 12:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-30 21:57 . 2009-04-25 16:40 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Skype
2009-03-30 21:57 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 09:34 . 2008-11-27 20:29 -------- d-----w c:\program files\Eset
2009-04-23 12:02 . 2009-04-23 11:57 -------- d-----w c:\program files\Common Files\Softwin
2009-04-23 08:50 . 2008-07-12 19:26 -------- d-----w c:\program files\Winamp
2009-04-20 17:32 . 2008-12-28 14:08 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\BearShare
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\Alwil Software
2009-04-14 12:22 . 2009-04-14 12:22 0 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\~eu37.tmp
2009-04-07 20:07 . 2008-01-09 12:46 -------- d-----w c:\program files\Google
2009-04-07 20:06 . 2009-03-30 21:56 -------- d-----r c:\program files\Skype
2009-04-07 20:06 . 2008-01-23 18:27 -------- d-----w c:\program files\Common Files\Skype
2009-04-04 12:47 . 2008-03-09 20:41 -------- d-----w c:\program files\Java
2009-01-09 21:03 . 2008-11-28 17:56 67928 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-10 14:42 . 2008-12-10 14:42 144 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\fusioncache.dat
2008-11-15 18:23 . 2008-03-09 20:50 79680 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-27 22:00 . 2008-01-09 18:04 87608 ----a-w c:\documents and settings\comp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\182AF ----

2009-04-22 18:41 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\182AF\{23A44D65-5BD9-4EE3-8FDC-4023B7119B57}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\2036B ----

2009-04-22 18:54 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\2036B\{568E89DC-427E-4E94-9553-ECE44D17AA8B}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\369C ----

2009-04-13 15:16 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\369C\{A5A80C55-6778-40E7-9C79-0D2F8B88FB82}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\3A242 ----

2009-04-22 06:49 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\3A242\{CBF2156B-9C03-4185-9225-CDF47FC1EA13}.swf


((((((((((((((((((((((((((((( [Link can only be seen by logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2009-04-25 07:03 . 2009-04-25 07:03 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2009-04-26 09:36 . 2009-04-26 09:36 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-04 148888]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-26 949376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-13 7094272]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9b7bc57c12942;?????? Google Update (gupdate1c9b7bc57c12942);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
R3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
R3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
R3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
R3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
R3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-26 15424]


--- Other Services/Drivers In Memory ---

*Deregistered* - gupdate1c9b7bc57c12942
.
Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:06]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [Link can only be seen by logged-in users]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = [Link can only be seen by logged-in users]
uSearchURL,(Default) = [Link can only be seen by logged-in users]
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link can only be seen by logged-in users]
Rootkit scan 2009-04-26 11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-26 11:42
ComboFix-quarantined-files.txt 2009-04-26 09:41
ComboFix2.txt 2009-04-25 07:14

Pre-Run: 7.413.772.288 bytes free
Post-Run: 7.421.939.712 bytes free


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@brainstolen

Manually delete this file: c:\documents and settings\Admin.PC-0EC8CDAADA00\bv2.exe

Tell me what the current state is, whether it is OK now.



offline
  • Joined: 16 Jan 2009
  • Posts: 23

It's OK now...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Uninstalling ComboFix and cleaning System Restore (SR):


Uninstalling ComboFix:
Click START and then RUN.

In the text input line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

Korisnici trenutno na forumu: A.R.Chafee.Jr., Abebe Bikila, aleph_one, alex71, babaroga, Banovo Brdo, bobomicek, bojan_t, boromir, boskelazo, colji, cuki334, Daba75, Deki Duga Devetka, delrey, Dexlex, dolinalima, Dovla 1980, Draganeli, dule10savic, dushan, g_g, gagidjuric, Georgius, GrammaticalAnalysis, Hardenberg, Hitri, igorkozar83, Igritelj, jodzula, JOntra, Jose, K a s p e r, luka35, Malik, mauglibn, MB120mm, mgolub, Mihailo Gazdić, miki kv, Milos ZA, mux, N.e.m.a.nj.a., Neutral-M, nikoladim, Nmr, nsharambasa, pavle_pzs, Pekman, ping15, Plavi Jadran, radoznao, RajkoB, renvoi, shlauf, Sinduk, skylab1111, slono, Smiljkovich, sova72, Tihi86, Tila Painen, TRAVUNIJA, Trpe Grozni, vaci, Viceroy, Visionary, VJ, Vlado82, volimpivuvolimrakiju, yip314, zax22r, Zemun bree, zokizemun, Đurđevdan, 1324